Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-29400

Опубликовано: 11 мая 2023
Источник: debian

Описание

Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
golang-1.20fixed1.20.4-1package
golang-1.19fixed1.19.9-1experimentalpackage
golang-1.19fixed1.19.10-2package
golang-1.19no-dsabookwormpackage
golang-1.19no-dsabullseyepackage
golang-1.15removedpackage
golang-1.15no-dsabullseyepackage
golang-1.11removedpackage
golang-1.11postponedbusterpackage

Примечания

  • https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU

  • https://github.com/golang/go/issues/59722

  • https://github.com/golang/go/commit/9db0e74f606b8afb28cc71d4b1c8b4ed24cabbf5 (go1.19.9)

  • https://github.com/golang/go/commit/337dd75343145b74ed2073d793322eb4103b56ad (go1.20.4)

Связанные уязвимости

ubuntu логотип

CVE-2023-29400

CVSS3: 7.3
ubuntu
больше 2 лет назад

Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.

redhat логотип

CVE-2023-29400

CVSS3: 7.3
redhat
больше 2 лет назад

Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.

nvd логотип

CVE-2023-29400

CVSS3: 7.3
nvd
больше 2 лет назад

Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.

msrc логотип

CVE-2023-29400

CVSS3: 7.3
msrc
около 2 месяцев назад

Improper handling of empty HTML attributes in html/template

github логотип

GHSA-c9hr-fvm9-7c49

CVSS3: 7.3
github
больше 2 лет назад

Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.